Academic journal article Communications of the IIMA

A Normative Model for Assessing SME IT Effectiveness

Academic journal article Communications of the IIMA

A Normative Model for Assessing SME IT Effectiveness

Article excerpt


Information technology (IT) is a key enabler of modern small businesses, yet fostering reliably effective IT systems remains a significant challenge. This paper presents a light weight IT effectiveness model for small businesses to assess their IT and formulate strategies for improvement. Employing an action research approach we investigate a mixed method analysis of 120 survey responses from small family businesses and user participation in 10 semi-structured interviews. We then conduct critical reflection to identify refinements which are validated using 72 survey responses from university students. The results present compelling evidence that employees' normative patterns (norms) are a significant driver of IT effectiveness in a second order PLS predictive model able to explain 26% of observed variance.

A norms-based approach to IT effectiveness helps fill a significant research and managerial gap for organizations unable or unwilling to adopt IT best practice frameworks used by large organizations. Our findings imply that comparing norms to IT best practices may offer a less technical approach to assessing IT operations, which may be well suited to small businesses. Although further investigation cycles are needed to systematically test this model, we encourage small business managers to: 1) anticipate IT risks and mitigate them; 2) identify measures of IT performance, and monitor them, and 3) review/synchronize business and IT goals.

Keywords: SME, IT effectiveness, IT governance, information systems, action research


There are many approaches to IT effectiveness, which we define as attempts to assess and improve the contribution of IT to business goals. Large organizations often follow a "top-down" approach by adopting IT best practice frameworks such as COBIT, ITIL or ISO/IEC standards to guide their efforts. However, our experience suggests that IT best practice frameworks, are too technical and resource intensive for many small businesses. Therefore, we employed action research which is well-suited to developing practical knowledge through participatory investigation (Reason, 2003) in order to formulate change (Given, 2008). Specifically, we seek to formulate a new approach to IT effectiveness for organizations unable or unwilling to adopt formal IT best practice frameworks.

Our work posits a "middle out" approach which incorporates the participatory role employees' play in using IT systems to achieve IT effectiveness. Our novel approach to assess IT and guide improvement advocates comparing IT effectiveness norms, or employees' normative patterns, with IT best practices. We anticipate two important sources for IT effectiveness norms in organizations. First, employees may adopt normative practices when they are mandated by policies and procedures; simple compliance is all that is necessary for this norm to exist. However, an important second source is when individuals internalize the spirit of these IT practices and act accordingly.

For example, protecting the company's intellectual property (IP) is a common business IT goal. An IT enforced password policy ensures that logging into the system with a strong password becomes a routine pattern, or norm and is one effective step to protect IP. While compliance with the password policy is desirable, we argue that a better outcome is for employees to internalize the spirit of this policy and exhibit other behaviours which support the underlying IT policy of protecting IP. An employee who writes their password onto a note then tapes it to their monitor is not following the policy's spirit. In contrast, before releasing a report outside of the organization, an employee might decide to first review language describing IP with her supervisor to ensure its suitability. That action would demonstrate adoption of the belief system underlying the policy over simple compliance.

Our experience working with numerous small businesses suggests there is a pressing need for better approaches to managing IT. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.